OleDbParameter参数的使用

 运用参数可防止一些sql攻击

       public bool judIDPW(string CustomerName, string CustomerPassword)
        {
            OleDbParameter par1 = new OleDbParameter();
            par1.ParameterName = "@CustomerName";
            par1.Value = CustomerName;
            OleDbParameter par2 = new OleDbParameter();
            par2.ParameterName = "@CustomerPassword";
            par2.Value =Security.Encrypt(CustomerPassword);

            OleDbCommand cmd = new OleDbCommand("select CustomerID from Customers where CustomerName=@Customer and CustomerPassword=@CustomerPassword", con);
            cmd.Parameters.Add(par1);
            cmd.Parameters.Add(par2);
            con.Open();
            OleDbDataReader dr = cmd.ExecuteReader();
            if (dr.Read())
            {
                con.Close();
                return true;
            }
            else
            {
                con.Close();
                return false;
            }
        }

 
posted on 2007-04-07 22:24  上校  阅读(4212)  评论(2编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 上校
Powered by .NET 8.0 on Kubernetes